{"id":7704,"date":"2021-04-18T13:03:32","date_gmt":"2021-04-18T18:03:32","guid":{"rendered":"https:\/\/www.rushworth.us\/lisa\/?p=7704"},"modified":"2021-04-18T13:03:58","modified_gmt":"2021-04-18T18:03:58","slug":"viewing-and-recording-packets-using-tshark","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=7704","title":{"rendered":"Viewing and recording packets using tshark"},"content":{"rendered":"<p>This time, I&#8217;m writing this down so I don&#8217;t have to keep looking it up. To display some packet info to the screen while writing a network capture to a file, include the -P option (older versions of tshark used -S)<\/p>\n<pre>2021-04-18 13:58:58 [lisa@server ~]# tshark -f \"udp port 123\" -w \/tmp\/ntpd.cap -P\r\nRunning as user \"root\" and group \"root\". This could be dangerous.\r\nCapturing on 'enp0s25'\r\n1 0.000000000 10.x.x.x \u2192 x.x.x.18 NTP 90 NTP Version 4, client\r\n2 3.898916081 10.x.x.x \u2192 x.x.x.199 NTP 90 NTP Version 4, client\r\n3 7.898948128 10.x.x.x \u2192 x.x.x.20 NTP 90 NTP Version 4, client\r\n4 7.928749596 x.x.x.20 \u2192 10.x.x.x NTP 90 NTP Version 4, server\r\n5 9.898958577 10.x.x.x \u2192 x.x.x.76 NTP 90 NTP Version 4, client\r\n6 9.949450324 x.x.x.76 \u2192 10.x.x.x NTP 90 NTP Version 4, server\r\n7 10.898981132 10.x.x.x \u2192 x.x.x.185 NTP 90 NTP Version 4, client\r\n8 11.009163093 x.x.x.185 \u2192 10.x.x.x NTP 90 NTP Version 4, server<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>This time, I&#8217;m writing this down so I don&#8217;t have to keep looking it up. To display some packet info to the screen while writing a network capture to a file, include the -P option (older versions of tshark used -S) 2021-04-18 13:58:58 [lisa@server ~]# tshark -f &#8220;udp port 123&#8221; -w \/tmp\/ntpd.cap -P Running as &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30],"tags":[294,1336,1338,1337],"class_list":["post-7704","post","type-post","status-publish","format-standard","hentry","category-system-administration","tag-linux","tag-packet-capture","tag-tshark","tag-wireshark"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/7704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7704"}],"version-history":[{"count":1,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/7704\/revisions"}],"predecessor-version":[{"id":7705,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/7704\/revisions\/7705"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}